Risk and Opportunity Register 
No. Dateraised RiskID Opportunity/risk description (opportunities 
Number shaded in blue) 


1 26/01/18 R1 The way we exit the European Union, and the 
accompanying uncertainty, impacts on our 
ability to deliver functions, including significant 
impact on ICO services supporting businesses. 
In particular in relation to the status of 
transfers, legal cooperation and the ICO's role 


in EDPB. 


2 30/06/17 R2 As a growing regulator and public service 
provider we fail to build a service culture, with 
staff engaged in delivering reliable and 
responsive services which relate to the needs 


of our varied customers and stakeholders. 


3 30/04/19 R73 As a rapidly expanding organisation we fail to 
introduce the necessary infrastructure and 
culture to ensure appropriate compliance with 
all relevant legal and other obligations 


expected of a modern regulator 


4 27/09/18 R10 Failure to deliver statutory codes of practice 
within the prescribed timeframes and in a way 
that delivers the outcomes we desire as a 


regulator 


5 13/04/18 R11 ICỌ fails to deal with issues arising from 
Operation Cederberg in a timely and effective 
way; in particular in relation to the public 


challenge to ICO regulatory decisions. 


6 22/09/18 R26 Opportunity to identify new technologies to 


improve productivity 
7 30/07/18 R46 Our financial forecasts are inaccurate and we 
underachieve our income targets or overspend 
on costs budgets 


8 19/02/19 R71 The ICO does not successfully inform the 
future regulation of online harms which 
undermines its role as the UK's information 


rights regulator. 
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Legal 


People 


Legal 


Policy 


Reputation 


Finances 


Policy 


Current Current Current Direction Proximity Strategic Target Target 
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4.0 4.0 Same <> Medium Corporate 
term 
3.0 4.0 Same <> Medium Corporate 
term 
4.0 3.0 Same <> Medium Corporate 
term 
3.0 4.0 Same <> Medium Corporate 
term 
3.0 4.0 Same <> Shortterm Corporate 
3.0 4.0 Same <> Medium Corporate 
term 
4.0 3.0 Same <> Medium Corporate 
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Opportunity/risk description (opportunities 
shaded in blue) 


ICO fails to maintain and develop strategic 
international relationships which impact on UK 
global data protection and privacy concerns’ — 
this covers EU and US relationships as well as 
other international relationships which are 
needed to UK public’s interests are protected 


ICO is not a relevant, tech savvy regulator. 


ICO fails to meet expectations when dealing 
with its regulatory action priorities in a timely 
and effective way; and hence does not meet 
the wide range of expectations of 
stakeholders. 


Management Board and Executive Team 
capacity and resilience may not be sufficient to 
retain clarity of leadership and direction during 
a critical period of change to the regulatory 
landscape resulting in delay to the 
achievement of the IRSP goals and operational, 
ICO fails to have the organisational capacity to 
respond to current demand for our public 
services 


The impact of unpredictable and/or significant 
litigation costs on financial forecasts and 
budgets 


Cyber security - risk that malicious or 
inadvertent system compromise occurs 
affecting the confidentiality, integrity or 
availability of our information 
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